Skip to main content
CVE-2023-43501 MEDIUM PATCH This Month

A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Build Failure Analyzer
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-25526 MEDIUM This Month

NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Denial Of Service Cumulus Linux
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-5062 MEDIUM This Month

The WordPress Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wp_charts' shortcode in versions up to, and including, 0.7.0 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wordpress Charts
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5063 MEDIUM PATCH This Month

The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, 1.6.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Widget Responsive For Youtube
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-38876 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Php Login System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-42656 MEDIUM This Month

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Moveit Transfer
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-22024 MEDIUM This Month

In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Vm Server Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-20597 MEDIUM This Month

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Ryzen 3 3100 Firmware Ryzen 3 3200G Firmware Ryzen 3 3200Ge Firmware +98
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-43499 MEDIUM PATCH This Month

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Build Failure Analyzer
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43495 MEDIUM PATCH This Month

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-38718 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-31014 MEDIUM This Month

NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Google RCE Information Disclosure +1
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2023-40368 MEDIUM PATCH This Month

IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Storage Protect
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-20594 MEDIUM This Month

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Epyc 7003 Firmware Epyc 72F3 Firmware Epyc 7313 Firmware +122
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-43502 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Build Failure Analyzer
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-43494 MEDIUM PATCH This Month

Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
3.4%
CVE-2023-34047 MEDIUM PATCH This Month

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring For Graphql
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy